CentOS7-CIS

In many tasks it is simply mentioned `command: /bin/true`

Open MeenachiSundaram opened this issue 4 years ago • 1 comments

There is no use for this command related to CIS hardening.

https://github.com/radsec/CentOS7-CIS/blob/master/tasks/section1.yml#L281

```yaml
- name: "NOTSCORED | 1.1.18 | PATCH | Ensure nodev option set on removable media partitions"
  command: /bin/true
  changed_when: no
  when:
    - centos7cis_level1 is defined and centos7cis_level1
  tags:
    - level1
    - notscored
    - patch
    - rule_1.1.18
```

MeenachiSundaram, Apr 30 '20 10:04

So this is implemented so each CIS control at least returns a value. Some people in the past have parsed Ansible playbook execution logs and used that to determine CIS benchmark compliance. A possible feature could be to only return true if requested? Thoughts?

radsec, May 28 '20 04:05
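An added example, not part of the issue thread or the CentOS7-CIS role: a log parser of the kind described in the reply above would read the `ok` returned by a `/bin/true` placeholder as a passed control, so this sketch first collects the placeholder rule IDs from the task file and reports them as `not-evaluated`. The function names, the log excerpt in Ansible's default output format, the `CentOS7-CIS :` role prefix and the `9.9.9` task are constructed assumptions.

```python
import re
RULE_ID = re.compile(r"\|\s*(\d+(?:\.\d+)+)\s*\|")
TASK_HEADER = re.compile(r"^TASK \[(.+?)\] \*+\s*$")
HOST_RESULT = re.compile(r"^(ok|changed|failed|fatal|skipping): \[([^\]]+)\]")

def placeholder_rules(tasks_yaml):
    """Return rule IDs whose task runs only `command: /bin/true`."""
    found = set()
    for chunk in re.split(r"(?m)^- name:", tasks_yaml)[1:]:  # one chunk per task
        rule = RULE_ID.search(chunk.split("\n", 1)[0])
        if rule and re.search(r"(?m)^\s+command:\s*/bin/true\s*$", chunk):
            found.add(rule.group(1))
    return found

def rule_status(log_text, placeholders):
    """Map (host, rule ID) -> result, never crediting a placeholder as a pass."""
    status, current = {}, None
    for line in log_text.splitlines():
        header = TASK_HEADER.match(line)
        if header:
            rule = RULE_ID.search(header.group(1))
            current = rule.group(1) if rule else None
            continue
        result = HOST_RESULT.match(line)
        if current and result:
            word, host = result.groups()
            if current in placeholders and word in ("ok", "changed"):
                word = "not-evaluated"  # the task ran /bin/true, nothing was checked
            status[(host, current)] = word
    return status

# Constructed samples: the first task is the one quoted in the issue, the second is made up.
TASKS = '''\
- name: "NOTSCORED | 1.1.18 | PATCH | Ensure nodev option set on removable media partitions"
  command: /bin/true
  changed_when: no
- name: "SCORED | 9.9.9 | PATCH | Constructed example rule"
  file:
    path: /etc/example.conf
    mode: "0600"
'''
LOG = '''\
TASK [CentOS7-CIS : NOTSCORED | 1.1.18 | PATCH | Ensure nodev option set on removable media partitions] ***
ok: [host1]
TASK [CentOS7-CIS : SCORED | 9.9.9 | PATCH | Constructed example rule] ***
changed: [host1]
'''
if __name__ == "__main__":
    print(rule_status(LOG, placeholder_rules(TASKS)))
```

The regex-based task split assumes each task starts with a top-level `- name:` line, as in the snippet quoted in the issue; task files laid out differently need a real YAML parser.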